HOME > CSR&Environmental Activities > Information Security Management

Information Security Management

Basic Policies for Information Security

In recognition that information related to business activities must be shared and used appropriately under safe and sure management, Amano has placed this as one of its key management initiatives. The "Basic Policies for Information Security" was established as a part of enhancing internal control.

Information Security Management System

In accordance to the "Basic Policies for Information Security" and "Privacy Policy" we are implementing PDCA cycles related to Information Security Management / Personal Information Protection.

[Basic Policies for Information Security] Plan (Plan) Do (Execute and Operate) Check (Check and Audit) Action (Review and Prevent)

Information Security Management / Privacy Policy Structure

Representative of business(President)→Supervisor for Information security management / Personal Information Protection(Officer in charge)→Person in charge of divisional information management(Office General Manager) Representative of business(President)→Supervisor for Information security management / Personal Information Protection(Officer in charge)→Information security management committee / Secretariat for Personal Information Protection→Person in charge of divisional information management(Office General Manager), Person in charge of divisional information management(Division Head), Person in charge of divisional information management(Branch Manager), Internal audit appointer(internal) Representative of business(President)→Auditor for information security management / Personal information Protection(Corporate Auditor)→Information security management committee / Secretariat for Personal Information Protection→Person in charge of divisional information management(Office General Manager), Person in charge of divisional information management(Division Head), Person in charge of divisional information management(Branch Manager), Internal audit appointer(internal)
Representative of business(President)→Auditor for information security management / Personal information Protection(Corporate Auditor)→Internal audit appointer(internal)

Amano Corporation - Basic Policies for Information Security

Amano Corporation (the company herein) is a company that provides products, solutions, and service related to Time & Ecology. The company's officers and employees and all others who handle the company's information are committed to deepening their understanding of the importance of information security. Based on the Basic Policies for Information Security they will seek to maintain and improve social credibility and business continuance by preventing, correcting information leakage.

Scope
Applies to all tangible, intangible forms of information. In addition, we will guide all third parties to comply who handle the same information as the company.
Information security framework
The company, based on the "Basic Policies for Compliance", has revised all information related rules and regulations and has appointed persons in charge of information management in all business divisions. By this the company has established a company wide framework for information security.
Compliance with laws and regulations
The company will comply with all laws and regulations related to information security such as Personal Information Protection Act, and will honor the contracts with customers.
The management of information assets
The company will take measures to maintain confidentiality, integrity, and availability of its information assets.
  • Confidentiality: restricted to only those authorized to have access to information assets.
  • Integrity: the accuracy and integrity of information assets will be protected.
  • Availability: ensuring that the information is available when necessary.
The prevention measures against information security incidents
The company will do all that is possible to prevent information security incidents. In an unlikely event that an incident does occur, the company will take appropriate actions and formulate relapse prevention measures.
Information security education
The company educates and enlightens all employees for the purpose to deepening their understanding of the importance of information security and to improve the technology.
Continuous improvement
The company will endeavor to continuously revise and the improve Basic Policies for Information Security and all related rules and regulations.

Established 24th March 2008
Revised 3rd March 2010

Initiatives for Information Security Management

Formulating rules for information security management

In March 2010, we formulated our new "Information Security Management Rules" based on our Information Security Management System (ISMS). Stipulations in our "Personal Information Protection Management Rules" that are common to the new rules were reviewed and integrated into a single system. The newly formulated rules were implemented in April 2010.

Training on Information Security Management/Personal Information Protection

Conducting training for all employees (e-learning)

e-learning

At Amano, we provide periodic training on information security management and personal information protection every year for all of our employees, including those working at Amano group companies in Japan. We review the training materials annually to provide e-learning from the perspectives listed below and to ensure that all of the targeted employees complete the training during the designated time frame.

  1. Japan's Personal Information Protection Act and the PrivacyMark system
  2. Knowledge of and rules for information security management
  3. Specific safety management measures
  4. Risk management and emergency response
  5. Test to assess understanding of 1 through 4 above

*We use paper media (training documents) in the training program for factory employees who do not use PCs regularly.